Unknown protocol reverse system based on network traffic

A protocol reversing technology based on network traffic, applied in the field of unknown protocol reverse systems, that addresses problems such as increased space requirements, redundant key fields, and ambiguity.

Active Publication Date: 2020-06-19
BEIHANG UNIV

AI Technical Summary

Problems solved by technology

Industrial control systems use a large number of private protocols, and these private protocols bring great security risks to the industrial control system.
Industrial control protocols have some unique characteristics that make traditional protocol reverse tools perform relatively poorly on them.
[0005] The existing problems in protocol field parsing in the prior art are: longest common subsequence (LCS) is a common method for mining key fields, but it produces a large number of redundant key fields.
The disadvantage of the n-gram-based method is that key fields longer than n cannot be found, and as the window becomes larger, the space required for the n-grams increases sharply.
[0006] The existing problems in protocol format analysis in the prior art are: the method of discover identifying function codes is empirical, and the final parameters need to b
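
The two prior-art drawbacks named in [0005], shown as an added example (not code from the patent): n-gram mining over constructed frames reports a 4-byte constant field only as overlapping fragments when n = 2, and an LCS over two frames picks up coincidental payload bytes as extra key-field material. The frame layout, `KEY` and the helper names are assumptions made for illustration.

```python
# Added illustration; the frames below are constructed, not from a real protocol.
KEY = bytes.fromhex("aa550110")            # 4-byte constant key field
MESSAGES = [KEY + bytes.fromhex(body) for body in
            ("0107c82a", "021107c8", "03005f10", "043c0099")]


def common_ngrams(msgs, n):
    """Return the n-grams that occur in every message (key-field candidates)."""
    per_msg = [{m[i:i + n] for i in range(len(m) - n + 1)} for m in msgs]
    return set.intersection(*per_msg)


def lcs(a, b):
    """Longest common subsequence of two byte strings (dynamic programming)."""
    dp = [[b""] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            if x == y:
                dp[i + 1][j + 1] = dp[i][j] + bytes([x])
            else:
                dp[i + 1][j + 1] = max(dp[i][j + 1], dp[i + 1][j], key=len)
    return dp[-1][-1]


def redundant_bytes(a, b, key):
    """Bytes the LCS reports beyond the real key field."""
    common = lcs(a, b)
    return common[len(key):] if common.startswith(key) else common


if __name__ == "__main__":
    # n = 2 and n = 3 only ever yield fragments of the 4-byte field.
    for n in (2, 3, 4):
        print(n, sorted(g.hex() for g in common_ngrams(MESSAGES, n)))
    # The LCS matches payload bytes that sit at different offsets in each frame.
    print("LCS:", lcs(MESSAGES[0], MESSAGES[1]).hex())
    print("redundant:", redundant_bytes(MESSAGES[0], MESSAGES[1], KEY).hex())
```
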


Embodiment Construction

[0021] In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the present invention, not to limit the present invention. In addition, the technical features involved in the various embodiments of the present invention described below can be combined with each other as long as they do not constitute a conflict with each other.

[0022] Figure 1 shows the system framework of the present invention, which mainly includes two parts: protocol traffic preprocessing and protocol reverse. The protocol reverse part includes three parts: protocol field analysis, protocol format reverse, and protocol state machine analysis.

[0023] The system takes network traffic as input, can identify industrial control protocol tra...


Abstract

The invention provides an unknown protocol reverse system based on network traffic, which comprises the following three steps: step 1, analyzing the protocol fields; step 2, reversing the protocol format; step 3, analyzing the protocol state machine.

Description

Technical field

[0001] The invention relates to an unknown protocol reverse system, in particular to an unknown protocol reverse system based on network traffic.

Background technique

[0002] A network protocol specifies the grammatical and semantic rules that must be followed for information transmission between network entities, and legal data frames must comply with the protocol. Network protocols are the basis for many network applications. Network analysis tools (Wireshark, tshark, etc.) analyze network packets based on network protocols. Firewalls perform deep packet inspection based on network protocols to identify malicious intrusions and ensure network security. Network management systems implement traffic classification and management through network protocols. Fuzzing tools generate mutated samples based on network protocols, which can also be used to identify botnets.

[0003] With the development of the Internet, more and more private ...


Application Information

IPC(8): H04L29/06
CPC: H04L69/06, H04L69/22
Inventor: 李博, 王晓伟
Owner: BEIHANG UNIV